Loading...

Complex Paths and Derelict Sentinels: software engineering underpinnings of NTP vulnerabilities

153 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Sep 1, 2016

Complex Paths and Derelict Sentinels: software engineering underpinnings of recent NTP vulnerabilities

Matthew Van Gundy
Presented at the 2016 LangSec Workshop
at the IEEE Symposium on Security & Privacy Workshops
May 26, 2016
San Jose, CA
http://www.ieee-security.org/TC/SP2016/
http://spw16.langsec.org/

ABSTRACT
The Network Time Protocol and the NTP reference implementation are the de facto standard for synchronizing computer clocks on the Internet. In the past year, a number of vulnerabilities have been discovered which allow attackers to use NTP to arbitrarily control the clock of a remote system. In a number of cases, software engineering choices appear to have played a role in causing or obscuring the vulnerability. In this short presentation, we'll review several recent vulnerabilities and highlight the software engineering choices that may have played a role in their origin.

Disclaimer: All opinions expressed are the speaker's personal opinions, not those of Cisco.

Loading...


to add this to Watch Later

Add to

Loading playlists...